Filetype PDF | Posted on 05 Feb 2023 | 2 years ago
Authentication
digital resources
212x Filetype PDF File size 1.44 MB Source: army-energy.army.mil
Industrial Control Systems (ICS) Inventory Methodology
Contents
Executive Summary ....................................................................................................................................... 3
Why is an ICS inventory necessary ................................................................................................................ 5
Who should perform this inventory activity ................................................................................................. 5
When is an inventory necessary ................................................................................................................... 5
ICS Component types that will be inventoried ............................................................................................. 6
Inventory Results – Storage and Protection ................................................................................................. 6
ICS Component Inventory Methodology Levels ........................................................................................... 6
Conducting an ICS Inventory ......................................................................................................................... 8
Logical Inventory ....................................................................................................................................... 9
Physical inventory ................................................................................................................................... 10
Tools required to conduct an ICS inventory activity ................................................................................... 10
Appendix 1- HQDA EXECUTE ORDER 002-13 .............................................................................................. 11
Appendix 2 - ICS Components Subject to Inventory ................................................................................... 15
2
Executive Summary
The development and implementation of this Industrial Control Systems (ICS) Inventory Methodology is
in support of the Headquarters, Department of the Army (HQDA) Execute Order (EXORD) 002-13; Army-
Wide Inventory of Industrial Control Systems and Supervisory Control and Data Acquisition Systems and
the implementation of the Cybersecurity Risk Management Framework. Traditionally, “Industrial Control
Systems” are fixed installation networked control systems comprised of robust hardware and
components to ensure a high level of reliability and redundancy. Within the Department of Defense, ICS
is used to refer to a broader range of automated control systems, including those that traditionally have
not been considered "industrial" such as building automation, electronic security systems, and metering
systems. The DoD definition of ICS includes "real property control systems" and "industrial process
(manufacturing)" control systems but excludes weapon systems. The standardized inventory method
shall be applicable to a wide range of unrelated ICS including, but not limited to: security; fire; heating,
ventilation and air conditioning; medical technologies; and manufacturing. The purpose of this
document is to provide amplifying guidance that helps to define the following statements when
performing an ICS inventory:
• Reasoning behind conducting an ICS inventory
• Identify the appropriate personnel to perform the inventory
• Identify when the inventory is necessary
• Identify the components to be included in the inventory
• Identify the sources of information that can be used to conduct the inventory
• Identify tools that may be used to assist the inventory
• Identify the steps required to perform the inventory
• Discuss the constraints and barriers of conducting the inventory
• Maintaining current and accurate inventory information
There are several reasons why an ICS inventory needs to be conducted. At the most basic level, it allows
commanders to identify what Army-owned or operated ICS are used to conduct business and execute
missions. This information can be used to ensure that systems are not susceptible to specific
vulnerabilities which can be used to weaken the ICS mission. It also allows the ICS owner to define the
criticality of the ICS as it relates to their specific mission or business processes allowing them to ensure
that the ICS is capable of reliably meeting current and future requirements. In short, the information
derived can be used to satisfy many different types of data calls.
In order to accurately perform an inventory, personnel must have a basic understanding of what an ICS
is. While the inventory personnel may not be cognizant of the specific mission of a particular ICS, they
can work with local Subject Mater Experts (SMEs) to identify the components that need to be included
in the inventory. This allows for a streamlined and cost effective asset count.
There are two parts to determining the necessity of conducting an ICS inventory. First, a baseline
inventory of all relevant components must be conducted using the guidance contained within this
document. Once the baseline inventory is conducted, it will need to be maintained as part of the overall
3
sustainment function of the ICS lifecycle. This includes making the appropriate updates when
inventoried hardware or software components are modified.
Identification of the components to be included in the inventory is essential to the overall value of the
inventory itself. In order to meet the cyber vulnerability assessments, all Ethernet or Ethernet capable
devices that comprise an ICS must be part of the ICS inventory. Then, using the tiered ICS architecture as
well as the amplifying information contained in this document, the remaining types of components and
their rationale for inclusion into the inventory will be shown.
In addition to physically conducting a hardware and software inventory, other sources of information
should also be utilized. ICS design documentation, purchase orders, system manuals, control system
databases, and drawings should be consulted to aid in the identification and location of ICS components.
These artifacts also serve as the basis of which to begin the inventory itself. Utilizing existing
documentation will help streamline the inventory process and also help to ensure that all components
of the ICS are understood.
To conduct a successful inventory, there are multiple steps involved. Coordinating with the site points of
contact and ICS SMEs is paramount to component identification and location. Next, a logical inventory of
the Ethernet based devices is performed to create a logical device map of components and ascertain
system interfaces. A review of existing documentation and inventories is then performed and finally a
physical inventory of the components will be performed.
There are multiple potential roadblocks when conducting an ICS inventory. Most ICS are comprised of
hundreds, if not thousands of components that may be part of the inventory. Many of these
components are installed where physical access is not easily gained. This roadblock alone is a significant
burden to the personnel conducting the inventory and their assigned support personnel. Other barriers
to conducting a complete inventory are the scheduling and possible interruption of business processes
(especially manufacturing or fabrication) systems resulting in an impact to mission support.
4
no reviews yet
Please Login to review.
